In this Underground video, Crash Overron explains CSRF (Cross Site Request Forgery), and how it can be used to force a user’s browser into performing an undesirable action on a website. Basically, CSRF tricks a browser into requesting a web page that is design to perform a specific function such as changing user settings. Furthermore, if the page allows GET variables, an attacker can modify that user’s settings. Commonly, CSRF attacks are hidden in image html tags.